Field of the Invention
The present invention relates to data protection using a trusted device in an information processing apparatus.
Description of the Related Art
There exists a technique of mounting a security chip such as a trusted platform module (TPM) in an information processing apparatus and sealing secret information stored in the information processing apparatus.
The TPM includes a register called a platform configuration register (PCR) which stores safely managed key pairs, an encoding function, and the hash values of modules (binary data) in the information processing apparatus. The information processing apparatus holds the hash values of system modules such as a basic input/output system (BIOS) or a boot loader in the PCR and requests the TPM to seal the secret information. The TPM associates the secret information with a register value (PCR value) in the PCR and encodes the secret information (seal). The secret information (sealed data) sealed by the TPM is unsealed by the TPM only when the PCR value associated at the time of sealing is correct.
If the information processing apparatus is unauthorizedly altered, the correct PCR value cannot be held, and the sealed data cannot be unsealed. This can deal with the risk of unauthorized use of the secret information.
Trusted Computing Group (TCG) has standardized trusted boot processing. According to the trusted boot processing, a system registers the hash values of system modules such as a BIOS, boot loader, and kernel in predetermined PCRs so as to use them for seal of secret information. However, when the system registers, in different PCRs, the hash values of the individual applications to be executed after activation of the system, and the applications seal data using corresponding PCR values, the following problem arises.
Since the standard of TCG does not define PCRs to be used by individual applications, a plurality of applications may use a single PCR. In this case, data protection is not correctly performed.
For example, assume that the hash value of an application App1 is registered in a PCR, and the hash value of another application App2 is also unintentionally registered in the PCR in a state in which the application App1 is using the PCR for data protection. In this case, the PCR value changes to an unauthorized value, and the sealed data of App1 cannot be unsealed.